Re: LACP trunk load balancing hash algorithm
On Mon, Jan 17 2011 at 35:23, Jason Healy wrote: I had a few hours to play with a hardware traffic generator today, I wanted to try beating up my OpenBSD setup to see what kind of throughput I could get. For the curious, I was able to pulverize it with 64 byte packets and it topped out at about 165kpps. Throughput was less than physical interface speed (about 800Mbps). For fun, I cranked the payload size up to 1500 bytes, but I couldn't get the box to exceed 1Gbps, even though I had several gigabit interfaces trunked together. At first, it was a switch problem (the switch was sending all the traffic over a single link). However, after I found out my switches LACP hash algorithm I was able to spread the traffic out by randomizing the port numbers. I also played with a traffic generator recently. Here are sone numbers with the tests we've done : Hardware : Dell R310, 2 Gb of RAM, CPU was a quad core, I didn't wrote the exact model yet. I could bring it in a few days. NIC : Intel gigabit Quad port ET2 (Chipset 82576) Software : 4.8-stable, no patch, no sysctl customisation except ip.forwarding=1 Firewall Ruleset : echo pass all /etc/pf.conf pfctl -f /etc/pf.conf Max pps =~ 330-340K Test IMIX =~ 1,1 Gb/s We were able to fully route 2Gb/s of traffic with 1024 packet length (1 Gb/s in each direction) without loosing a single packet. Theorically, the box should be able to route 4Gb/s (33*10^4*1518*8) Largely enougth for our use :) I then confirmed that 4Gbps of traffic was leaving the switch to the OpenBSD box, but only 1Gbps was coming back. Therefore, I'm guessing that the load-balancing algorithm for OpenBSD does not behave the same way as my Juniper switching gear. Does anybody know the LACP hash that the trunk interface in OpenBSD uses to load-balance the outgoing traffic? I didn't have time to do more than a cursory test with different port numbers and IP addresses, so I'm not sure what I might be doing wrong, or if its even possible to use layer 3/4 info in OpenBSD to hash the traffic. Since I'm using the box as a router, layer 2 hashing doesn't help me very much since the source MAC is always the same. I took a peek at the source, but I'm definitely not a C hacker, so nothing jumped out at me for computing the hash... Thanks, Jason Claer
Re: LACP trunk load balancing hash algorithm
On Mon, Jan 17, 2011 at 11:35:02PM -0500, Jason Healy wrote: I had a few hours to play with a hardware traffic generator today, I wanted to try beating up my OpenBSD setup to see what kind of throughput I could get. For the curious, I was able to pulverize it with 64 byte packets and it topped out at about 165kpps. Throughput was less than physical interface speed (about 800Mbps). For fun, I cranked the payload size up to 1500 bytes, but I couldn't get the box to exceed 1Gbps, even though I had several gigabit interfaces trunked together. At first, it was a switch problem (the switch was sending all the traffic over a single link). However, after I found out my switches LACP hash algorithm I was able to spread the traffic out by randomizing the port numbers. I then confirmed that 4Gbps of traffic was leaving the switch to the OpenBSD box, but only 1Gbps was coming back. Therefore, I'm guessing that the load-balancing algorithm for OpenBSD does not behave the same way as my Juniper switching gear. Does anybody know the LACP hash that the trunk interface in OpenBSD uses to load-balance the outgoing traffic? I didn't have time to do more than a cursory test with different port numbers and IP addresses, so I'm not sure what I might be doing wrong, or if its even possible to use layer 3/4 info in OpenBSD to hash the traffic. Since I'm using the box as a router, layer 2 hashing doesn't help me very much since the source MAC is always the same. I took a peek at the source, but I'm definitely not a C hacker, so nothing jumped out at me for computing the hash... 165kpps is fairly low. Please add a dmesg so there is a chance to see what is causing this low rate. Modern HW with good nics should handle around 500kpps. Btw. trunk is using src dest MAC addrs, a possible vlan tag and the IP / IPv6 src dst addrs to build the hash. It does not use port numbers. The function used for this is trunk_hashmbuf(). -- :wq Claudio
Re: LACP trunk load balancing hash algorithm
On Jan 18, 2011, at 6:51 AM, Claudio Jeker wrote: 165kpps is fairly low. Please add a dmesg so there is a chance to see what is causing this low rate. Modern HW with good nics should handle around 500kpps. Good to know. Right now we're only on a 45Mbps connection at about 5kpps, so that seemed fine to me. =) I've attached the dmesg below. It's nothing fancy, as our needs aren't too huge. I was just pushing this particular machine to its limits for fun to see what it could do since I had the traffic generator on-site for a little extra time. I didn't have a lot of time, so proper repeated testing wasn't really possible. Even though we don't have the box anymore, I may set up some iperf machines later to push it again just to verify the config (or test any suggestions I receive from the list). When the packet rate leveled off, we were at about 90% interrupt / 7% idle on one CPU. The other CPU was (as expected), idle. Booting to SP didn't make a noticeable difference. There were a significant number of ifq drops, though I figured that was because the box was getting twice as much traffic in as it was passing back out (and increasing maxlen substantially didn't do much). The ruleset is simple: === table ixiablue { 192.168.100.101 } counters table ixiared { 192.168.101.101 } counters altq on trunk1 hfsc bandwidth 2Gb queue { other , toblue , tored } queue other hfsc(realtime 10Mb linkshare 10Mb upperlimit 10Mb default) queue toblue hfsc(realtime 100Mb linkshare 100Mb upperlimit 2Gb) qlimit 50 queue tored hfsc(realtime 100Mb linkshare 100Mb upperlimit 2Gb) qlimit 50 block log (all) pass flags any pass out on trunk1 from ixiablue to ixiared queue tored pass out on trunk1 from ixiared to ixiablue queue toblue === Turning off queuing improved performance somewhat, but isn't helpful as a real-world test since we rely on queuing in our production environment. Btw. trunk is using src dest MAC addrs, a possible vlan tag and the IP / IPv6 src dst addrs to build the hash. It does not use port numbers. The function used for this is trunk_hashmbuf(). Interesting. We definitely were seeing one of the interfaces in the trunk totally unused for traffic outbound from the OpenBSD box. Since it doesn't use port numbers, I suppose it's possible that we were just unlucky with the src/dst IPs (we were only testing with two endpoint addresses and relying on the multiple layer 4 ports to hash differently). The trunk interface had a single IP (no vlans), and we were routing traffic to it from our core switch using a policy routing scheme (we normally have a box like this deployed in an off-path routing setup, so our core switch passes traffic to it to be shaped). Not sure if a routed setup like that changes the hash (it doesn't sound like it should), but I thought I'd mention it. We can try again with more IP addresses next time to see if that spreads the traffic a little more. Thanks, Jason # dmesg OpenBSD 4.8 (GENERIC.MP) #335: Mon Aug 16 09:09:20 MDT 2010 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 3486973952 (3325MB) avail mem = 3380334592 (3223MB) mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.5 @ 0xcfedf000 (39 entries) bios0: vendor Phoenix Technologies LTD version 1.3a date 11/03/2009 bios0: Supermicro X7SBi acpi0 at bios0: rev 2 acpi0: sleep states S0 S1 S4 S5 acpi0: tables DSDT FACP _MAR MCFG HPET APIC BOOT SPCR ERST HEST BERT EINJ SLIC SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT acpi0: wakeup devices PXHA(S5) PEX_(S5) LAN_(S5) USB4(S5) USB5(S5) USB7(S5) ESB2(S5) EXP1(S5) EXP5(S5) EXP6(S5) USB1(S5) USB2(S5) USB3(S5) USB6(S5) ESB1(S5) PCIB(S5) KBC0(S1) MSE0(S1) COM1(S5) COM2(S5) PWRB(S3) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpihpet0 at acpi0: 14318179 Hz acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Xeon(R) CPU E3110 @ 3.00GHz, 3000.62 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,SMX,EST,TM2,S SSE3,CX16,xTPR,PDCM,SSE4.1,XSAVE,NXE,LONG cpu0: 6MB 64b/line 16-way L2 cache cpu0: apic clock running at 333MHz cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel(R) Xeon(R) CPU E3110 @ 3.00GHz, 3000.21 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,SMX,EST,TM2,S SSE3,CX16,xTPR,PDCM,SSE4.1,XSAVE,NXE,LONG cpu1: 6MB 64b/line 16-way L2 cache ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins ioapic1 at mainbus0: apid 3 pa 0xfecc, version 20, 24 pins acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 2 (PXHA) acpiprt2 at acpi0: bus 3 (PEX_) acpiprt3 at acpi0: bus 5 (EXP1) acpiprt4 at acpi0: bus 13 (EXP5) acpiprt5 at acpi0: bus 15 (EXP6) acpiprt6 at acpi0: bus 17 (PCIB) acpicpu0 at acpi0: C3, PSS acpicpu1 at acpi0: C3,
Relayd and URL Filter problem
Hi, We have the following code in our relayd.conf file and it works fantasticaly for our http traffic that we have been putting through it. We now want to start using webdav and have realised that the header change lines are stopping webdav from working for some reason. Is there possible to filter by domain so that say for webdav.domain.com we don't do any header change ? We realise that we could just get another IP address and get pf to forward to another port but if it's possible to filter in relayd then that would be our preferred option. http protocol http_service { tcp { sack, socket buffer 65536, backlog 1000 } return error header change X-Forwarded-For to $REMOTE_ADDR header change Keep-Alive to $TIMEOUT header change Connection to close } relay http_forwarder { listen on 127.0.0.1 port 8080 protocol http_service forward to web_hosts port 80 mode loadbalance check http / code 200 } Thanks Keith
Re: LACP trunk load balancing hash algorithm
On Tue, 18 Jan 2011 18:51:32 +0700, Claudio Jeker cje...@diehard.n-r-g.com wrote: On Mon, Jan 17, 2011 at 11:35:02PM -0500, Jason Healy wrote: I had a few hours to play with a hardware traffic generator today, I wanted to try beating up my OpenBSD setup to see what kind of throughput I could get. For the curious, I was able to pulverize it with 64 byte packets and it topped out at about 165kpps. Throughput was less than physical interface speed (about 800Mbps). For fun, I cranked the payload size up to 1500 bytes, but I couldn't get the box to exceed 1Gbps, even though I had several gigabit interfaces trunked together. At first, it was a switch problem (the switch was sending all the traffic over a single link). However, after I found out my switches LACP hash algorithm I was able to spread the traffic out by randomizing the port numbers. I then confirmed that 4Gbps of traffic was leaving the switch to the OpenBSD box, but only 1Gbps was coming back. Therefore, I'm guessing that the load-balancing algorithm for OpenBSD does not behave the same way as my Juniper switching gear. Does anybody know the LACP hash that the trunk interface in OpenBSD uses to load-balance the outgoing traffic? I didn't have time to do more than a cursory test with different port numbers and IP addresses, so I'm not sure what I might be doing wrong, or if its even possible to use layer 3/4 info in OpenBSD to hash the traffic. Since I'm using the box as a router, layer 2 hashing doesn't help me very much since the source MAC is always the same. I took a peek at the source, but I'm definitely not a C hacker, so nothing jumped out at me for computing the hash... 165kpps is fairly low. Please add a dmesg so there is a chance to see what is causing this low rate. Modern HW with good nics should handle around 500kpps. My november 21st i386.MP -current handles 1.3Mpps inbound and 1.3Mpps outbound packet during rootkits attacks on one of our collocated costumer, on an 80Mbps traffic, via a vlan interface. CPU is 1% idle, system still responsive (I get to ssh-ed the machine and see systat). Btw. trunk is using src dest MAC addrs, a possible vlan tag and the IP / IPv6 src dst addrs to build the hash. It does not use port numbers. The function used for this is trunk_hashmbuf(). dmesg: OpenBSD 4.8-current (GENERIC.MP) #21: Sun Nov 21 03:46:30 WIT 2010 r...@greenrouter-jkt01.mygreenlinks.net:/usr/src/sys/arch/i386/compile/GENERIC.MP RTC BIOS diagnostic error ffixed_disk,invalid_time cpu0: Intel(R) Xeon(R) CPU X3220 @ 2.40GHz (GenuineIntel 686-class) 2.41 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,S SE3,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM real mem = 2142744576 (2043MB) avail mem = 2097610752 (2000MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 03/26/07, SMBIOS rev. 2.4 @ 0x7fbe4000 (43 entries) bios0: vendor Intel Corporation version S3000.86B.02.00.0054.061120091710 date 06/11/2009 bios0: Intel S3000AH acpi0 at bios0: rev 2 acpi0: sleep states S0 S1 S4 S5 acpi0: tables DSDT SLIC FACP APIC WDDT HPET MCFG ASF! SSDT SSDT SSDT SSDT SSDT HEST BERT ERST EINJ acpi0: wakeup devices SLPB(S4) P32_(S4) UAR1(S1) PEX4(S4) PEX5(S4) UHC1(S1) UHC2(S1) UHC3(S1) UHC4(S1) EHCI(S1) AC9M(S4) AZAL(S4) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: apic clock running at 266MHz cpu1 at mainbus0: apid 2 (application processor) cpu1: Intel(R) Xeon(R) CPU X3220 @ 2.40GHz (GenuineIntel 686-class) 2.41 GHz cpu1: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,S SE3,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM cpu2 at mainbus0: apid 1 (application processor) cpu2: Intel(R) Xeon(R) CPU X3220 @ 2.40GHz (GenuineIntel 686-class) 2.41 GHz cpu2: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,S SE3,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM cpu3 at mainbus0: apid 3 (application processor) cpu3: Intel(R) Xeon(R) CPU X3220 @ 2.40GHz (GenuineIntel 686-class) 2.41 GHz cpu3: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,S SE3,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM ioapic0 at mainbus0: apid 5 pa 0xfec0, version 20, 24 pins ioapic0: misconfigured as apic 0, remapped to apid 5 acpihpet0 at acpi0: 14318179 Hz acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 4 (P32_) acpiprt2 at acpi0: bus 1 (PEX0) acpiprt3 at acpi0: bus -1 (PEX1) acpiprt4 at acpi0: bus -1 (PEX2) acpiprt5 at acpi0: bus -1 (PEX3) acpiprt6 at acpi0: bus 2 (PEX4) acpiprt7 at acpi0: bus 3 (PEX5) acpicpu0 at acpi0: PSS acpicpu1 at acpi0: PSS acpicpu2 at acpi0: PSS acpicpu3 at acpi0: PSS acpibtn0
question about example in pf.conf(5)
Hi folks, pf.conf(5) says In the example below, packets bound for one specific server, as well as those generated by the sysadmins are not proxied; all other connections are. match in on $int_if proto { tcp, udp } from any to any port 80 \ rdr-to 127.0.0.1 port 80 pass in on $int_if proto { tcp, udp } from any to $server port 80 pass in on $int_if proto { tcp, udp } from $sysadmins to any port 80 I don't see that yet. All traffic for 80/tcp on $int_if matches the first line, so I would assume that all this traffic is redirected, regardless whether the following pass in rules match. They don't undo the redirection. ??? Sorry for asking. This might be trivial to you, but I am still trying to get used to the new packet filter syntax. Of course I checked the FAQs. Any helpful comment would be highly appreciated. Regards Harri
Re: Page fault trap on IBM x336
Hello Patrick, Do you think this could work for 4.8? How could you compile kernel and ramdisk kernel with the old 1.72 pci.c, using another box that boots 4.7? Regards, Marcos Patrick Coleman wrote: On Wed, Jun 9, 2010 at 10:47 AM, patrick keshishian pkesh...@gmail.com wrote: you realize obsd4.5 isn't supported any longer since 4.7 was released. Fair enough. I've managed to get 4.7 working by reverting /sys/dev/pci/pci.c to 1.72, as suggested in that thread, so I guess I'll try that. Cheers, Patrick
Re: question about example in pf.conf(5)
Hi Harald, Harald Dunkel wrote on Tue, Jan 18, 2011 at 04:41:39PM +0100: pf.conf(5) says In the example below, packets bound for one specific server, as well as those generated by the sysadmins are not proxied; all other connections are. match in on $int_if proto { tcp, udp } from any to any port 80 \ rdr-to 127.0.0.1 port 80 pass in on $int_if proto { tcp, udp } from any to $server port 80 pass in on $int_if proto { tcp, udp } from $sysadmins to any port 80 I don't see that yet. All traffic for 80/tcp on $int_if matches the first line, so I would assume that all this traffic is redirected, regardless whether the following pass in rules match. They don't undo the redirection. pf.conf(5) also says: For each packet processed by the packet filter, the filter rules are evaluated in sequential order, from first to last. For block and pass, the last matching rule decides what action is taken; if no rule matches ... Yours, Ingo
x336 IBM servers reboots
Hello list, I'd like to inform that this problem: http://www.pubbs.net/200910/openbsd/42943-46-reboots-x336-ibm-servers.html keeps happening also with OpenBSD 4.7 and 4.8 . The last version i can install or upgrade on this is 4.5. Didn't try -current yet. I have several of this IBM x336 servers waiting to be running OpenBSD Best regards, Marcos Laufer
Re: question about example in pf.conf(5)
* Ingo Schwarze schwa...@usta.de [2011-01-18 16:59]: Hi Harald, Harald Dunkel wrote on Tue, Jan 18, 2011 at 04:41:39PM +0100: pf.conf(5) says In the example below, packets bound for one specific server, as well as those generated by the sysadmins are not proxied; all other connections are. match in on $int_if proto { tcp, udp } from any to any port 80 \ rdr-to 127.0.0.1 port 80 pass in on $int_if proto { tcp, udp } from any to $server port 80 pass in on $int_if proto { tcp, udp } from $sysadmins to any port 80 I don't see that yet. All traffic for 80/tcp on $int_if matches the first line, so I would assume that all this traffic is redirected, regardless whether the following pass in rules match. They don't undo the redirection. pf.conf(5) also says: For each packet processed by the packet filter, the filter rules are evaluated in sequential order, from first to last. For block and pass, the last matching rule decides what action is taken; if no rule matches ... that doesn't contradict the OP at all. match rdr-to is indeed sticky and the example flawed. replacing the match with pass would make it work. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting
Oportunidad de Negocio | en U.S.A.
[demime 1.01d removed an attachment of type image/jpeg which had a name of REDUCE ONE SEP 2010.001.jpg]
Re: Version numbering
I obviously have to much time on my hands at the moment. I like the link to http://www.openbsd.org/donations.html though. And I think the original poster should donate an extra $50 to admonish himself. -mark Index: faq8.html === RCS file: /cvs/www/faq/faq8.html,v retrieving revision 1.225 diff -u -p -r1.225 faq8.html --- faq8.html 18 Jan 2011 16:31:37 - 1.225 +++ faq8.html 18 Jan 2011 19:11:13 - @@ -63,6 +63,7 @@ lia href= #wwwnotstd 8.23 - Why do the OpenBSD web pages not conform to HTML4/XHTML?/a lia href= #NTPerror8.24 - Why is my clock off by twenty-some seconds?/a lia href= #TimeZone8.25 - Why is my clock off by several hours?/a +lia href= #Versions8.26 - Release Version Numbering/a /ul hr @@ -1422,6 +1423,26 @@ See also: lia href=faq6.html#OpenNTPDOpenBSD's NTPD/a /ul +a name=Versions/a +h28.26 - Release Version Numbering/h2 + +An OpenBSD release is a biannual occurrence, taking place +in the May and November of each year. With every release, the version number increments +by 0.1. Therefore, if the release in May is x.7, the release in Dec will be x.8. This +continues until x.9 is reached. Then, with the following release the whole number roles over. +For example: + +p +...4.7 - 4.8 - 4.9 - 5.0 - 5.1...etc + +p +There is no x.10 or x.11. +More information on the release cycle can be found +a href=http://www.openbsd.org/faq/faq5.html#Flavors;here/a. +More information on why it is done this way is available +a href=http://www.openbsd.org/papers/asiabsdcon2009-release_engineering/;here/a. +Importantly, releases will continue as long as there is +a href=http://www.openbsd.org/donations.html;support/a. p font color= #e0
Re: x336 IBM servers reboots
On k, jan 18, 2011 at 12:06:19 -0300, Marcos Laufer wrote: Hello list, I'd like to inform that this problem: http://www.pubbs.net/200910/openbsd/42943-46-reboots-x336-ibm-servers.html keeps happening also with OpenBSD 4.7 and 4.8 . The last version i can install or upgrade on this is 4.5. Didn't try -current yet. I have several of this IBM x336 servers waiting to be running OpenBSD http://cvs.openbsd.org/cgi-bin/query-pr-wrapper?full=yesnumbers=6523 -- LIVAI Daniel PGP key ID = 0x83B63A8F Key fingerprint = DBEC C66B A47A DFA2 792D 650C C69B BE4C 83B6 3A8F
Re: LACP trunk load balancing hash algorithm
On 18/01/2011, at 11:25 PM, Insan Praja SW wrote: My november 21st i386.MP -current handles 1.3Mpps inbound and 1.3Mpps outbound packet during rootkits attacks on one of our collocated costumer, on an 80Mbps traffic, via a vlan interface. CPU is 1% idle, system still responsive (I get to ssh-ed the machine and see systat). where were you reading this 1.3Mpps value from? dlg
Re: LACP trunk load balancing hash algorithm
On Tue, Jan 18, 2011 at 6:40 PM, David Gwynne l...@animata.net wrote: On 18/01/2011, at 11:25 PM, Insan Praja SW wrote: My november 21st i386.MP -current handles 1.3Mpps inbound and 1.3Mpps outbound packet during rootkits attacks on one of our collocated costumer, on an 80Mbps traffic, via a vlan interface. CPU is 1% idle, system still responsive (I get to ssh-ed the machine and see systat). where were you reading this 1.3Mpps value from? I think David is asking because 1.3Mpps and 80Mbps implies your traffic consists of 8 byte packets, which may be enough for source and destination IP addresses, but doesn't leave room for the port numbers. :)
Infrastructure Physical Security Methodology - Just released Ref: 989582
To: misc@openbsd.org The Integrated Physical Security Handbook II Second Edition 5-Step Management Process Toolkit to Assess and Secure Critical Infrastructure From All-Hazards Threats Written Compiled by: Shuki Einstein and Don Philpott Integrated Physical Security Integrated Physical Security Handbook 2nd Edition Questions?: Call or Email Barbara Musick, Bookstore Manager, at barbara.mus...@governmenttraininginc.com or (941) 306-7968 Additional Security and Mangement Books Published by Government Training Inc.: (For details, go to www.GovernmentTrainingInc.com) Workplace Violence School Security Handbook for Managing Teleworkers Handbook for Managing Teleworkers - Toolkit Comments from Book Reviewers: Quote: Outstanding. The added content makes a good reference even better. Quote: Your focus on a management process and checklists moves the development of security plans within the reach of all levels of security management. Quote: The use of icons to highlight important text makes reading this a breeze. Allows me to focus on the content of most interest to me. Book Review: Integrated Physical Security - 2nd Edition The Integrated Physical Security Handbook has become the recognized manual for commercial and government building and facility security managers responsible for developing security plans based on estimated risks and threats -- natural or terrorist. This new and much expanded edition provides even more tools to effectively manage change and incorporates latest techniques and lessons learned. Using an easy to follow five step process the Handbook explains how to conduct crucial risk and threat assessments, the basis for all physical security planning. However, it also incorporates a methodology to ensure that the core business function of the facility is not adversely impacted making it a comprehensive integrated physical security program. Using checklists and standard practices, it provides a hands-on, how-to guide that leads you in a user-friendly way through all the steps and processes needed to evaluate, design and implement an effective integrated physical security system. The book was produced under the leadership of the Government Training Inc. and written by a team of nationally recognized AE and security experts. This new edition covers a number of additional areas including convergence of systems, building modeling, emergency procedures, privacy issues, cloud computing, shelters and safe areas and disaster planning. There is also a comprehensive glossary as well as access to a dedicated website at www.physicalsecurityhandbook.com that provides purchasers of the book an on-line library of over 300 pages of additional reference materials. The first edition was bought by corporations and government agencies worldwide and ASIS International in its five-star review said, This is an excellent textbook for novice security managers and a great desk reference for industry veterans. This new, expanded and updated edition makes it an even more invaluable resource. The Integrated Physical Security Handbook - 2nd Edition FAX Back or Mail Back Order Form, or On-Line Purchase is available at our Secure Payment Server at www.GovernmentTrainingInc.com/IPSH_Prior_Purchaser Questions?: Call or Email Barbara Musick at barbara.mus...@governmenttraininginc.com or (941) 306-7968 Shipping Address Name: (Please Print) Business Title: Company/Agency: Address: City, State, and Zip Code Phone Number: Email Address: Fax Number: Purchase Fee: Each purchaser will receive the following: One copy of the printed Grants Writer's Handbook and password access to the reference library. Please allow 2 weeks for delivery of the printed handbook. Government Rate: $109.00 plus SH Corporate Rate: $129.00 plus SH (Includes contractors supporting government) Please Note: To obtain the Government Purchase Rate of $109.00*** 1. You must provide a Government Email Address (.gov, .mil, .us .edu etc) 2. You must provide a Government Office/Building Address ***$8.50 Shipping Handling applies to all purchases for delivery in U.S.. International Rate: $179.00 includes shipping with tracking number. NOTE: Government Training Inc. Tax ID: 27-0799412 Method of Payment - Discount Code: During checkout you will be offered an opportunity to enter a COUPON CODE. Enter SECURITY2011 as the code and you will receive your $20.11 discount. Remember, SH still applies. __ _Company/Agency Check (payable to Government Training Inc.) __ Credit Card Type of Credit Card (check one): __ Visa __ MasterCard __ American Express Discover Card Number: _ Exp. Date: _ Security Code ___ Name Printed on Card: __ (Please provide
Scheduled tours
Dear Sir / Madam We have various unique, interesting exciting Scheduled Tour Departures itineraries for all age groups, that cover South Africa and other Southern African countries. These packages are great value for money and they depart with 6 - 12 persons per tour. Although, we guaranteed tour departure with 2 + people for all tours. Please find below a list of these tour departure dates for 2011 2012. We recommend an Agents Add-on Commission of 15-20 %. For further information, please contact me direct at b...@lantic.net wlmailhtml:{F7762F0D-75AD-489F-9094-F663CD824E1A}mid://2596/!x-usc:mailt o:b...@lantic.net or +27 (0) 12 9911818 or visit either of our websites www.bushsafaris.co.za or www.selfdrivesa.com. Kind regards Laurence Marks bSCHEDULED TOURSb DEPARTURES 2011 2012 Agents - we recommend you add a minimum of 15 - 20 % commission. Itineraries can be viewed on our website - www.bushsafaris.co.za wlmailhtml:{F7762F0D-75AD-489F-9094-F663CD824E1A}mid://2596/!x-usc:http: //www.bushsafaris.co.za/ 2011 11 Day - The Luxuries of Africa Tour wlmailhtml:{F7762F0D-75AD-489F-9094-F663CD824E1A}mid://2596/!x-usc:http: //www.bushsafaris.co.za/fun.html - 1 / 2011 Dates: 12 January 2011 to 22 January 2011 Closing Date: 12 November 2010 Price: R44 530.00 per person sharing Your flight bookings: Arrive - Johannesburg (O R Tambo International) before 10h00 Depart - Cape Town after 19h00 Add-on tour: 3 x Nights / Victoria Falls is available 11 Day - Kruger to Limpopo Tour wlmailhtml:{F7762F0D-75AD-489F-9094-F663CD824E1A}mid://2596/!x-usc:http: //www.bushsafaris.co.za/bushveld.html - 2 / 2011 Dates: 02 February 2011 to 12 February 2011 Closing Date: 02 December 2010 Price: R19 725.00 per person sharing Your flight bookings: Arrive - Johannesburg (O R Tambo International) before 10h00 Depart - Johannesburg (O R Tambo International) after 19h00 Add-on tour: 4 x Nights / Cape Town is available 3 x Nights / Victoria Falls is available 11 Day - Africabs Wildlife the Zulu Kingdom Tour wlmailhtml:{F7762F0D-75AD-489F-9094-F663CD824E1A}mid://2596/!x-usc:http: //www.bushsafaris.co.za/zulutour.html - 3 / 2011 Dates: 16 February 2011 to 26 February 2011 Closing Date: 16 December 2010 Price: R18 765.00 per person sharing Your flight bookings: Arrive - Johannesburg (O R Tambo International) before 10h00 Depart - Johannesburg (O R Tambo International) after 19h00 Add-on tour: 4 x Nights / Cape Town is available 3 x Nights / Victoria Falls is available 17 Day - The Magic of SA Tour wlmailhtml:{F7762F0D-75AD-489F-9094-F663CD824E1A}mid://2596/!x-usc:http: //www.bushsafaris.co.za/fun.html - 4 / 2011 Dates: 09 March 2011 to 25 March 2011 Closing Date: 09 January 2011 Price: R35 640.00 per person sharing Your flight bookings: Arrive - Johannesburg (O R Tambo International) before 10h00 Depart - Cape Town International after 19h00 Add-on tour: 3 x Nights / Victoria Falls is available 11 Day - The Fairest Cape Tour wlmailhtml:{F7762F0D-75AD-489F-9094-F663CD824E1A}mid://2596/!x-usc:http: //www.bushsafaris.co.za/zulutour.html - 5 / 2011 Dates: 13 April 2011 to 23 April 2011 Closing Date: 13 February 2011 Price: R19 820.00 per person sharing Your flight bookings: Arrive - Port Elizabeth via Johannesburg before 17h00 Depart - Cape Town after 19h00 Add-on tour: 3 x Nights / Kruger is available 3 x Nights / Victoria Falls is available 11 Day - Africabs Wildlife the Zulu Kingdom Tour wlmailhtml:{F7762F0D-75AD-489F-9094-F663CD824E1A}mid://2596/!x-usc:http: //www.bushsafaris.co.za/zulutour.html - 6 / 2011 Dates: 27 April 2011 to 07 May 2011 Closing Date: 27 February 2011 Price: R18 765.00 per person sharing Your flight bookings: Arrive - Johannesburg (O R Tambo International) before 10h00 Depart - Johannesburg (O R Tambo International) after 19h00 Add-on tour: 4 x Nights / Cape Town is available 3 x Nights / Victoria Falls is available 11 Day - Africabs Wildlife the Zulu Kingdom Tour wlmailhtml:{F7762F0D-75AD-489F-9094-F663CD824E1A}mid://2596/!x-usc:http: //www.bushsafaris.co.za/zulutour.html - 7 / 2011 Dates: 11 May 2011 to 21 May 2011 Closing Date: 11 March 2011 Price: R18 765.00 per person sharing Your flight bookings: Arrive - Johannesburg (O R Tambo International) before 10h00 Depart - Johannesburg (O R Tambo International) after 19h00 Add-on tour: 4 x Nights / Cape Town is available 3 x Nights / Victoria Falls is available 11 Day - Kruger to Limpopo Tour wlmailhtml:{F7762F0D-75AD-489F-9094-F663CD824E1A}mid://2596/!x-usc:http: //www.bushsafaris.co.za/bushveld.html - 8 / 2011 Dates: 08 June 2011 to 18 June 2011 Closing Date: 08 April 2011 Price: R19 725.00 per person sharing Your flight bookings: Arrive - Johannesburg (O R Tambo International) before 10h00
Alege o locuinta pentru tine
Daca aveti probleme cu vizionarea acestui email dati [click aici] pentru a vizualiza varianta online! [IMAGE] [IMAGE] Newsletter 18.01.2011 [IMAGE] CaseFaraIntermediari.roUrmariti-ne pe Facebook!Urmariti-ne pe Twitter!Urmariti-ne pe Blogger! [IMAGE] Ultimele anunturi adaugate Vezi toate anunturile [IMAGE] [IMAGE] Vila 4 camere - Clinceni, Ilfov Vila 4 camere - Clinceni, Ilfov 69.000 EUR VANZARE DETALII ; [IMAGE] [IMAGE] [IMAGE] [IMAGE] Apartament 4 camere - Piata Romana, Bucuresti Apartament 4 camere - Piata Romana, Bucuresti 160.000 EUR VANZARE DETALII ; [IMAGE] [IMAGE] [IMAGE] [IMAGE] Teren intravilan - Piata Unirii - Horoscop Teren intravilan - Piata Unirii - Horoscop 1.045.000 EUR VANZARE DETALII ; [IMAGE] [IMAGE] [IMAGE] [IMAGE] Casa de vacanta - Secaria, Prahova Casa de vacanta - Secaria, Prahova 125.000 EUR VANZARE DETALII ; [IMAGE] [IMAGE] [IMAGE] [IMAGE] Apartament 2 camere - Brancoveanu, Bucuresti Apartament 2 camere - Brancoveanu, Bucuresti 52.000 EUR VANZARE DETALII ; [IMAGE] [IMAGE] Publica si tu un anunt! [IMAGE] Stiri Imobiliare Vezi toate stirile [IMAGE] [IMAGE] Promisiune: 50.000 de locuinte in patru ani. Realizare: cinci in doi ani Promisiune: 50.000 de locuinte in patru ani. Realizare: cinci in doi ani Cu efect dezamagitor pe piata constructiilor, programul continua cu motorul subturat Guvernul va aproba maine prelungirea facilitatii si alocarea a numai 200 de milioane de euro plafon de garantare, fata de 700-1.000 de milioane de euro la editiile preceden! te Programul âPrima casaâ a ...[CITESTE TOT] [IMAGE] [IMAGE] [IMAGE] [IMAGE] Persoanele care iau credite bPrima Casab pun conturile curente drept gaj in favoarea bancii Persoanele care iau credite bPrima Casab pun conturile curente drept gaj in favoarea bancii Persoanele care vor lua credite Prima CasD vor pune conturile curente drept gaj nn favoarea bDncii, vor avea posibilitatea sD solicite modificarea valutei, reeEalonarea sau r! escadenE#area nmprumutului, iar condiE#ia privind asocierea a Eapte beneficiari pentru construcE#ia de ...[CITESTE TOT] [IMAGE] [IMAGE] [IMAGE] [IMAGE] Cocor si-a dublat cifra de afaceri in T4, dupa redeschiderea magazinului Cocor si-a dublat cifra de afaceri in T4, dupa redeschiderea magazinului Cocor (COCR) a inregistrat in ultimul trimestru al anului 2010 o cifra de afaceri de 8,4 mil lei, de doua ori mai mare fata de aceeasi perioada din 2009, in urma deschiderii Cocor Department Store in octombrie 2010, anuntat luni compania. âRezultatele din ultimul trimestru al anului trecut ...[CITESTE TOT] [IMAGE] [IMAGE] Oferte turistice Vezi toate ofertele [IMAGE] [IMAGE] Pensiunea The Guesthouse - Bran, Brasov Pensiunea The Guesthouse - Bran, Brasov negociabil INCHIRIERE DETALII ; [IMAGE] [IMAGE] [IMAGE] [IMAGE] Pensiunea Cezar - Moeciu Pensiunea Cezar - Moeciu negociabil INCHIRIERE DETALII ; [IMAGE] [IMAGE] [IMAGE] [IMAGE] Pensiunea Milenium - Bran Pensiunea Milenium - Bran negociabil INCHIRIERE DETALII ; [IMAGE] [IMAGE] [IMAGE] [IMAGE] Pensiunea Popasul Cavalerului - Bran Pensiunea Popasul Cavalerului - Bran negociabil INCHIRIERE DETALII ; [IMAGE] [IMAGE] [IMAGE] [IMAGE] Pensiunea Vila Andrei - Bran, Brasov Pensiunea Vila Andrei - Bran, Brasov 60 EUR/luna INCHIRIERE DETALII ; [IMAGE] [IMAGE] Publica si tu un anunt! Stiri economice Vezi toate stirile [IMAGE] [IMAGE] Sfarsitul lumii in 2012? Mayasii n-au vorbit niciodata de asa ceva Sfarsitul lumii in 2012? Mayasii n-au vorbit niciodata de asa ceva Oamenii de stiinta mexicani, membri ai Universitatii Nationale Autonome din Mexic (UNAM), au specificat faptul ca nu exista profetii ale civilizatiei mayase privind apocalipsa sau un pericol mondial care ar urma sa se desfasoare in decembrie 2012, anunta agerpres.ro. In scrierile ...[CITESTE TOT] [IMAGE] [IMAGE] [IMAGE] [IMAGE] Basescu despre tigani: Le taiem alocatiile daca nu isi trimit copiii la scoala! Basescu despre tigani: Le taiem alocatiile daca nu isi trimit copiii la scoala! Presedintele Traian Basescu a declarat, astazi, ca Romania va actiona mai dur in rezolvarea problemei romilor, un exemplu fiind chiar retragerea alocatiei pentru parintii care nu-si trimit copiii la scoala, a! nunta realitatea.net. Exista o lipsa de intelegere fata de cat de ...[CITESTE TOT] [IMAGE] [IMAGE] [IMAGE] [IMAGE] Romania, cel mai mic salariu minim din UE in 2010 Romania, cel mai mic salariu minim din UE in 2010 Romania si Letonia sunt singurele tari din Uniunea Europeana in care salariile minime in euro au fost mai mici anul trecut, potrivit unei analize efectuate de Eurostat. Salariul minim nn Rombnia a scDzut nn 2010 de la 149 de euro la 141 de euro, clasbndu-se din acest ...[CITESTE TOT] [IMAGE] [IMAGE] Scoala romaneasca Vezi toate scolile [IMAGE] [IMAGE] Scoala Nr. 195 Scoala Nr. 195 Lunca Bradului Nr. 2 DETALII ; [IMAGE] [IMAGE]